[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: dpkg-buildpackage (-rfakeroot) leaves setuid binaries

yes, that's UNIX life. convenience ~ security^-1,

I just wanted to point it out here, since I wasn't sure whether I should file a bug report against fakeroot for writing suid through, or one for the fakeroot manpage not mentioning the danger, or one for dpkg-buildpackage either for not mentioning the risk in the manpage, or for not warning that the directory I'm using is world accessible, or one for the debhelper scripts (? or? I don't know the build process enough) for not creating the tmp folders 0700.


Reply to: